diff --git a/src/eap_peer/eap_aka_prime.c b/src/eap_peer/eap_aka_prime.c index 115346eaa..e09aaf78a 100644 --- a/src/eap_peer/eap_aka_prime.c +++ b/src/eap_peer/eap_aka_prime.c @@ -54,6 +54,7 @@ struct eap_aka_data { struct wpabuf *id_msgs; int prev_id; int result_ind, use_result_ind; + u8 eap_method; }; @@ -80,7 +81,8 @@ static const char * eap_aka_state_txt(int state) static void eap_aka_state(struct eap_aka_data *data, int state) { - wpa_printf(MSG_DEBUG, "EAP-AKA: %s -> %s", + wpa_printf(MSG_DEBUG, "EAP-AKA%s: %s -> %s", + data->eap_method == EAP_TYPE_AKA_PRIME ? "'" : "", eap_aka_state_txt(data->state), eap_aka_state_txt(state)); data->state = state; @@ -96,6 +98,11 @@ static void * eap_aka_init(struct eap_sm *sm) if (data == NULL) return NULL; + if (1) + data->eap_method = EAP_TYPE_AKA_PRIME; + else + data->eap_method = EAP_TYPE_AKA; + eap_aka_state(data, CONTINUE); data->prev_id = -1; @@ -376,7 +383,7 @@ static struct wpabuf * eap_aka_client_error(struct eap_aka_data *data, u8 id, data->num_id_req = 0; data->num_notification = 0; - msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA_PRIME, + msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, EAP_AKA_SUBTYPE_CLIENT_ERROR); eap_sim_msg_add(msg, EAP_SIM_AT_CLIENT_ERROR_CODE, err, NULL, 0); return eap_sim_msg_finish(msg, NULL, NULL, 0); @@ -394,7 +401,7 @@ static struct wpabuf * eap_aka_authentication_reject(struct eap_aka_data *data, wpa_printf(MSG_DEBUG, "Generating EAP-AKA Authentication-Reject " "(id=%d)", id); - msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA_PRIME, + msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT); return eap_sim_msg_finish(msg, NULL, NULL, 0); } @@ -410,7 +417,7 @@ static struct wpabuf * eap_aka_synchronization_failure( wpa_printf(MSG_DEBUG, "Generating EAP-AKA Synchronization-Failure " "(id=%d)", id); - msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA_PRIME, + msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE); wpa_printf(MSG_DEBUG, " AT_AUTS"); eap_sim_msg_add_full(msg, EAP_SIM_AT_AUTS, data->auts, @@ -449,7 +456,7 @@ static struct wpabuf * eap_aka_response_identity(struct eap_sm *sm, eap_aka_clear_identities(data, CLEAR_EAP_ID); wpa_printf(MSG_DEBUG, "Generating EAP-AKA Identity (id=%d)", id); - msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA_PRIME, + msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, EAP_AKA_SUBTYPE_IDENTITY); if (identity) { @@ -469,7 +476,7 @@ static struct wpabuf * eap_aka_response_challenge(struct eap_aka_data *data, struct eap_sim_msg *msg; wpa_printf(MSG_DEBUG, "Generating EAP-AKA Challenge (id=%d)", id); - msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA_PRIME, + msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, EAP_AKA_SUBTYPE_CHALLENGE); wpa_printf(MSG_DEBUG, " AT_RES"); eap_sim_msg_add(msg, EAP_SIM_AT_RES, data->res_len * 8, @@ -494,7 +501,7 @@ static struct wpabuf * eap_aka_response_reauth(struct eap_aka_data *data, wpa_printf(MSG_DEBUG, "Generating EAP-AKA Reauthentication (id=%d)", id); - msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA_PRIME, + msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, EAP_AKA_SUBTYPE_REAUTHENTICATION); wpa_printf(MSG_DEBUG, " AT_IV"); wpa_printf(MSG_DEBUG, " AT_ENCR_DATA"); @@ -535,7 +542,7 @@ static struct wpabuf * eap_aka_response_notification(struct eap_aka_data *data, u8 *k_aut = (notification & 0x4000) == 0 ? data->k_aut : NULL; wpa_printf(MSG_DEBUG, "Generating EAP-AKA Notification (id=%d)", id); - msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, EAP_TYPE_AKA_PRIME, + msg = eap_sim_msg_init(EAP_CODE_RESPONSE, id, data->eap_method, EAP_AKA_SUBTYPE_NOTIFICATION); if (k_aut && data->reauth) { wpa_printf(MSG_DEBUG, " AT_IV"); @@ -955,7 +962,7 @@ static struct wpabuf * eap_aka_process(struct eap_sm *sm, void *priv, return NULL; } - pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME, reqData, + pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, reqData, &len); if (pos == NULL || len < 1) { ret->ignore = TRUE; diff --git a/src/eap_server/eap_aka_prime.c b/src/eap_server/eap_aka_prime.c index 77871d7a9..aaeef42d9 100644 --- a/src/eap_server/eap_aka_prime.c +++ b/src/eap_server/eap_aka_prime.c @@ -49,6 +49,7 @@ struct eap_aka_data { struct wpabuf *id_msgs; int pending_id; + u8 eap_method; }; @@ -80,7 +81,8 @@ static const char * eap_aka_state_txt(int state) static void eap_aka_state(struct eap_aka_data *data, int state) { - wpa_printf(MSG_DEBUG, "EAP-AKA: %s -> %s", + wpa_printf(MSG_DEBUG, "EAP-AKA%s: %s -> %s", + data->eap_method == EAP_TYPE_AKA_PRIME ? "'" : "", eap_aka_state_txt(data->state), eap_aka_state_txt(state)); data->state = state; @@ -99,6 +101,12 @@ static void * eap_aka_init(struct eap_sm *sm) data = os_zalloc(sizeof(*data)); if (data == NULL) return NULL; + + if (1) + data->eap_method = EAP_TYPE_AKA_PRIME; + else + data->eap_method = EAP_TYPE_AKA; + data->state = IDENTITY; eap_aka_determine_identity(sm, data, 1, 0); data->pending_id = -1; @@ -213,7 +221,7 @@ static struct wpabuf * eap_aka_build_identity(struct eap_sm *sm, struct wpabuf *buf; wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Identity"); - msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_AKA_PRIME, + msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method, EAP_AKA_SUBTYPE_IDENTITY); if (eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity, sm->identity_len)) { @@ -309,7 +317,7 @@ static struct wpabuf * eap_aka_build_challenge(struct eap_sm *sm, struct eap_sim_msg *msg; wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Challenge"); - msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_AKA_PRIME, + msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method, EAP_AKA_SUBTYPE_CHALLENGE); wpa_printf(MSG_DEBUG, " AT_RAND"); eap_sim_msg_add(msg, EAP_SIM_AT_RAND, 0, data->rand, EAP_AKA_RAND_LEN); @@ -351,7 +359,7 @@ static struct wpabuf * eap_aka_build_reauth(struct eap_sm *sm, sm->identity_len, data->nonce_s, data->mk, data->msk, data->emsk); - msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_AKA_PRIME, + msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method, EAP_AKA_SUBTYPE_REAUTHENTICATION); if (eap_aka_build_encr(sm, data, msg, data->counter, data->nonce_s)) { @@ -379,7 +387,7 @@ static struct wpabuf * eap_aka_build_notification(struct eap_sm *sm, struct eap_sim_msg *msg; wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Notification"); - msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_AKA_PRIME, + msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, data->eap_method, EAP_AKA_SUBTYPE_NOTIFICATION); wpa_printf(MSG_DEBUG, " AT_NOTIFICATION (%d)", data->notification); eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification, @@ -437,10 +445,11 @@ static struct wpabuf * eap_aka_buildReq(struct eap_sm *sm, void *priv, u8 id) static Boolean eap_aka_check(struct eap_sm *sm, void *priv, struct wpabuf *respData) { + struct eap_aka_data *data = priv; const u8 *pos; size_t len; - pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME, respData, + pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData, &len); if (pos == NULL || len < 3) { wpa_printf(MSG_INFO, "EAP-AKA: Invalid frame"); @@ -899,7 +908,7 @@ static void eap_aka_process(struct eap_sm *sm, void *priv, size_t len; struct eap_sim_attrs attr; - pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_AKA_PRIME, respData, + pos = eap_hdr_validate(EAP_VENDOR_IETF, data->eap_method, respData, &len); if (pos == NULL || len < 3) return;